mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-23 00:43:28 +00:00
The Suricata Engine is an Open Source Next Generation Intrusion Detection and
Prevention Engine developed by the Open Information Security Foundation (OISF). This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members. The Suricata Engine and the HTP Library are available to use under the GPLv2. The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. This integrates and provides very advanced processing of HTTP streams for Suricata. The HTP library is required by the engine but may also be used independently in a range of applications and tools. WWW: http://openinfosecfoundation.org PR: ports/150191 Submitted by: Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
This commit is contained in:
parent
95f3227edc
commit
a1a4b56363
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=260372
@ -847,6 +847,7 @@
|
|||||||
SUBDIR += sudosh2
|
SUBDIR += sudosh2
|
||||||
SUBDIR += sudosh3
|
SUBDIR += sudosh3
|
||||||
SUBDIR += super
|
SUBDIR += super
|
||||||
|
SUBDIR += suricata
|
||||||
SUBDIR += swatch
|
SUBDIR += swatch
|
||||||
SUBDIR += switzerland
|
SUBDIR += switzerland
|
||||||
SUBDIR += symbion-sslproxy
|
SUBDIR += symbion-sslproxy
|
||||||
|
71
security/suricata/Makefile
Normal file
71
security/suricata/Makefile
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
# New ports collection makefile for: suricata
|
||||||
|
# Date created: Sun Aug 29 16:39:08 BRT 2010
|
||||||
|
# Whom: Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
|
||||||
|
#
|
||||||
|
# $FreeBSD$
|
||||||
|
#
|
||||||
|
|
||||||
|
PORTNAME= suricata
|
||||||
|
PORTVERSION= 1.0.1
|
||||||
|
CATEGORIES= security
|
||||||
|
MASTER_SITES= http://openinfosecfoundation.org/download/ \
|
||||||
|
http://www6.freebsdbrasil.com.br/~eksffa/l/dev/suricata/
|
||||||
|
|
||||||
|
MAINTAINER= eksffa@freebsdbrasil.com.br
|
||||||
|
COMMENT= Open Source next generation IDS/IPS engine by OISF
|
||||||
|
|
||||||
|
LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre \
|
||||||
|
yaml:${PORTSDIR}/textproc/libyaml \
|
||||||
|
pcap.1:${PORTSDIR}/net/libpcap
|
||||||
|
|
||||||
|
BUILD_DEPENDS+= ${LIBNET_CONFIG}:${PORTSDIR}/net/libnet \
|
||||||
|
pkg-config:${PORTSDIR}/devel/pkg-config
|
||||||
|
|
||||||
|
USE_AUTOTOOLS= automake110 autoconf:262 libtool:22
|
||||||
|
|
||||||
|
USE_RC_SUBR= suricata
|
||||||
|
|
||||||
|
LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config
|
||||||
|
|
||||||
|
OPTIONS= IPFW "Enable IPFW/IPDIVERT for IPS usage" on \
|
||||||
|
PRELUDE "Enable Prelude NIDS integration" off
|
||||||
|
|
||||||
|
SUB_FILES= pkg-message
|
||||||
|
HAS_CONFIGURE= yes
|
||||||
|
USE_GMAKE= yes
|
||||||
|
USE_LDCONFIG= yes
|
||||||
|
|
||||||
|
CONFIG_DIR?= ${PREFIX}/etc/suricata
|
||||||
|
CONFIG_FILES= suricata.yaml classification.config
|
||||||
|
RULES_DIR= ${PREFIX}/etc/suricata/rules
|
||||||
|
LOGS_DIR= /var/log/suricata
|
||||||
|
|
||||||
|
.include <bsd.port.pre.mk>
|
||||||
|
|
||||||
|
.if defined(WITH_PRELUDE)
|
||||||
|
LIB_DEPENDS+= prelude.20:${PORTSDIR}/security/libprelude
|
||||||
|
CONFIGURE_ARGS+= --enable-prelude
|
||||||
|
PLIST_SUB+= PRELUDE=""
|
||||||
|
.endif
|
||||||
|
|
||||||
|
.if defined(WITH_IPFW)
|
||||||
|
CONFIGURE_ARGS+= --enable-ipfw
|
||||||
|
.endif
|
||||||
|
|
||||||
|
pre-install:
|
||||||
|
@${REINPLACE_CMD} -e 's|/etc/suricata|${PREFIX}/etc/suricata|g' ${WRKSRC}/suricata.yaml
|
||||||
|
|
||||||
|
post-install:
|
||||||
|
[ -d ${CONFIG_DIR} ] || ${MKDIR} ${CONFIG_DIR}
|
||||||
|
[ -d ${RULES_DIR} ] || ${MKDIR} ${RULES_DIR}
|
||||||
|
[ -d ${LOGS_DIR} ] || ${MKDIR} ${LOGS_DIR}
|
||||||
|
.for f in ${CONFIG_FILES}
|
||||||
|
${INSTALL_DATA} ${WRKSRC}/${f} ${CONFIG_DIR}/${f}-sample
|
||||||
|
@if [ ! -f ${CONFIG_DIR}/${f} ]; then \
|
||||||
|
${CP} -p ${CONFIG_DIR}/${f}-sample ${CONFIG_DIR}/${f} ; \
|
||||||
|
fi
|
||||||
|
.endfor
|
||||||
|
|
||||||
|
@${CAT} ${PKGMESSAGE}
|
||||||
|
|
||||||
|
.include <bsd.port.post.mk>
|
3
security/suricata/distinfo
Normal file
3
security/suricata/distinfo
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
MD5 (suricata-1.0.1.tar.gz) = ad42b854ef2b44499f0f1d1531b1ca36
|
||||||
|
SHA256 (suricata-1.0.1.tar.gz) = 7fbc8fe89a0a30171eddb8b066ab7e6ec811d14a73aa6bc9cea26fc1f36f4be4
|
||||||
|
SIZE (suricata-1.0.1.tar.gz) = 1607941
|
11
security/suricata/files/patch-Makefile.in
Normal file
11
security/suricata/files/patch-Makefile.in
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- libhtp/Makefile.in.dist 2010-08-30 22:01:03.000000000 -0300
|
||||||
|
+++ libhtp/Makefile.in 2010-08-30 22:02:08.000000000 -0300
|
||||||
|
@@ -250,7 +250,7 @@
|
||||||
|
ACLOCAL_AMFLAGS = -I m4
|
||||||
|
SUBDIRS = $(GENERIC_LIBRARY_NAME) test
|
||||||
|
EXTRA_DIST = ChangeLog COPYING LICENSE LIBHTP_LICENSING_EXCEPTION docs/doxygen.conf docs/QUICK_START
|
||||||
|
-pkgconfigdir = $(libdir)/pkgconfig
|
||||||
|
+pkgconfigdir = $(libdir)/../libdata/pkgconfig
|
||||||
|
pkgconfig_DATA = htp.pc
|
||||||
|
all: config.h
|
||||||
|
$(MAKE) $(AM_MAKEFLAGS) all-recursive
|
31
security/suricata/files/pkg-message.in
Normal file
31
security/suricata/files/pkg-message.in
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
=========================================================================
|
||||||
|
If you want to run Suricata in IDS mode, add to /etc/rc.conf:
|
||||||
|
|
||||||
|
suricata_enable="YES"
|
||||||
|
suricata_interface="<if>"
|
||||||
|
|
||||||
|
NOTE: Declaring suricata_interface is MANDATORY for Suricata in IDS Mode.
|
||||||
|
|
||||||
|
However, if you wanna run Suricata in Inline IPS Mode, add to /etc/rc.conf:
|
||||||
|
|
||||||
|
suricata_enable="YES"
|
||||||
|
suricata_divertport="8000"
|
||||||
|
|
||||||
|
NOTA BENE:
|
||||||
|
Suricata won't start in IDS mode without an interface configured.
|
||||||
|
Therefore if you omit suricata_interface from rc.conf, FreeBSD's
|
||||||
|
rc.d/suricata will automatically try to start Suricata in IPS Mode
|
||||||
|
(on divert port 8000, by default).
|
||||||
|
|
||||||
|
RULES: Suricata IDS/IPS Engine comes without rules by default. You should
|
||||||
|
add rules by yourself and set an updating strategy. To do so, please visit:
|
||||||
|
|
||||||
|
http://www.openinfosecfoundation.org/documentation/rules.html
|
||||||
|
http://www.openinfosecfoundation.org/documentation/emerging-threats.html
|
||||||
|
|
||||||
|
You may want to try BPF in zerocopy mode to test performance improvements:
|
||||||
|
|
||||||
|
sysctl -w net.bpf.zerocopy_enable=1
|
||||||
|
|
||||||
|
Don't forget to add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf
|
||||||
|
=========================================================================
|
42
security/suricata/files/suricata.in
Normal file
42
security/suricata/files/suricata.in
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# $FreeBSD$
|
||||||
|
|
||||||
|
# PROVIDE: suricata
|
||||||
|
# REQUIRE: DAEMON
|
||||||
|
# BEFORE: LOGIN
|
||||||
|
# KEYWORD: shutdown
|
||||||
|
|
||||||
|
# Add the following lines to /etc/rc.conf to enable suricata:
|
||||||
|
# suricata_enable (bool): Set to YES to enable suricata
|
||||||
|
# Default: NO
|
||||||
|
# suricata_flags (str): Extra flags passed to suricata
|
||||||
|
# Default: -D -q
|
||||||
|
# suricata_interface (str): Network interface to sniff
|
||||||
|
# Default: ""
|
||||||
|
# suricata_conf (str): Suricata configuration file
|
||||||
|
# Default: ${PREFIX}/etc/suricata/suricata.yaml
|
||||||
|
# suricata_divertport (int): Port to create divert socket (Inline Mode)
|
||||||
|
# Default: 8000
|
||||||
|
|
||||||
|
|
||||||
|
. /etc/rc.subr
|
||||||
|
|
||||||
|
name="suricata"
|
||||||
|
rcvar=`set_rcvar`
|
||||||
|
|
||||||
|
command="%%PREFIX%%/bin/suricata"
|
||||||
|
|
||||||
|
load_rc_config $name
|
||||||
|
|
||||||
|
[ -z "$suricata_enable" ] && suricata_enable="NO"
|
||||||
|
[ -z "$suricata_conf" ] && suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml"
|
||||||
|
[ -z "$suricata_flags" ] && suricata_flags="-D"
|
||||||
|
[ -z "$suricata_divertport" ] && suricata_divertport="8000"
|
||||||
|
|
||||||
|
[ -n "$suricata_interface" ] && suricata_flags="$suricata_flags -i $suricata_interface --pidfile /var/run/suricata_${suricata_interface}.pid" \
|
||||||
|
&& pidfile="/var/run/suricata_${suricata_interface}.pid"
|
||||||
|
[ -z "$suricata_interface" ] && suricata_flags="$suricata_flags -d $suricata_divertport --pidfile /var/run/suricata_inline.pid" \
|
||||||
|
&& pidfile="/var/run/suricata_inline.pid" && info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
|
||||||
|
[ -n "$suricata_conf" ] && suricata_flags="$suricata_flags -c $suricata_conf"
|
||||||
|
|
||||||
|
run_rc_command "$1"
|
22
security/suricata/pkg-descr
Normal file
22
security/suricata/pkg-descr
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
The Suricata Engine is an Open Source Next Generation Intrusion Detection and
|
||||||
|
Prevention Engine developed by the Open Information Security Foundation (OISF).
|
||||||
|
|
||||||
|
This engine is not intended to just replace or emulate the existing tools in
|
||||||
|
the industry, but will bring new ideas and technologies to the field.
|
||||||
|
|
||||||
|
OISF is part of and funded by the Department of Homeland Security's Directorate
|
||||||
|
for Science and Technology HOST program (Homeland Open Security Technology),
|
||||||
|
by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
|
||||||
|
through the very generous support of the members of the OISF Consortium.
|
||||||
|
|
||||||
|
More information about the Consortium is available, as well as a list of our
|
||||||
|
current Consortium Members.
|
||||||
|
|
||||||
|
The Suricata Engine and the HTP Library are available to use under the GPLv2.
|
||||||
|
|
||||||
|
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of
|
||||||
|
Mod Security fame for the OISF. This integrates and provides very advanced
|
||||||
|
processing of HTTP streams for Suricata. The HTP library is required by the
|
||||||
|
engine but may also be used independently in a range of applications and tools.
|
||||||
|
|
||||||
|
WWW: http://openinfosecfoundation.org
|
15
security/suricata/pkg-plist
Normal file
15
security/suricata/pkg-plist
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
lib/libhtp.a
|
||||||
|
lib/libhtp-0.2.so
|
||||||
|
lib/libhtp-0.2.so.1
|
||||||
|
libdata/pkgconfig/htp.pc
|
||||||
|
lib/libhtp.la
|
||||||
|
lib/libhtp.so
|
||||||
|
bin/suricata
|
||||||
|
etc/suricata/suricata.yaml
|
||||||
|
etc/suricata/suricata.yaml-sample
|
||||||
|
etc/suricata/classification.config-sample
|
||||||
|
etc/suricata/classification.config
|
||||||
|
@unexec /bin/rmdir %D/etc/suricata/rules 2>/dev/null || true
|
||||||
|
@unexec /bin/rmdir %D/etc/suricata 2>/dev/null || true
|
||||||
|
@unexec echo "completely uninstalling %D/include/htp"
|
||||||
|
@unexec /bin/rm -rf %D/include/htp 2>/dev/null || true
|
Loading…
Reference in New Issue
Block a user